/**
 * Gate the current request on a valid application key.
 *
 * The check itself is delegated to AUTH::is_valid_app_key(). When that call
 * returns a value that is loosely equal to false, the browser is redirected to
 * /202-account/app-key-required.php and the script stops; otherwise the
 * function returns without doing anything.
 *
 * @param mixed $appName      Application name, passed through unchanged.
 * @param mixed $user_api_key API key, passed through unchanged.
 * @param mixed $user_app_key Application key, passed through unchanged.
 */
function require_valid_app_key($appName, $user_api_key, $user_app_key)
{
    $keyAccepted = AUTH::is_valid_app_key($appName, $user_api_key, $user_app_key);
    if ($keyAccepted) {
        return;
    }

    header('location: /202-account/app-key-required.php');
    // Stop here so nothing after the redirect header is executed or sent.
    die;
}
//if no user_pass errors if (!$error) { $user_pass = salt_user_pass($_POST['new_user_pass']); $mysql['user_pass'] = mysql_real_escape_string($user_pass); $mysql['user_id'] = mysql_real_escape_string($_SESSION['user_id']); $user_sql = "\tUPDATE \t`202_users`\n\t\t\t\t\t\t\tSET \t\t`user_pass`='" . $mysql['user_pass'] . "'\n\t\t\t\t\t\t\tWHERE \t`user_id`='" . $mysql['user_id'] . "'"; $user_result = _mysql_query($user_sql); $change_user_pass = true; } } $html = array_merge($html, array_map('htmlentities', $_POST)); } $html['user_id'] = htmlentities($_SESSION['user_id'], ENT_QUOTES, 'UTF-8'); $html['user_username'] = htmlentities($_SESSION['user_username'], ENT_QUOTES, 'UTF-8'); //check to see if this user has stats202 enabled $_SESSION['stats202_enabled'] = AUTH::is_valid_app_key('stats202', $_SESSION['user_api_key'], $_SESSION['user_stats202_app_key']); template_top('User Profile', NULL, NULL, NULL); ?> <style> .my-account-tables { margin: 0px auto; } .my-account-tables td { width: 150px; } </style> <form method="post" action="" enctype="multipart/form-data"> <input type="hidden" name="update_profile" value="1" /> <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?> " />
<?php
// Offers202 landing page: bootstrap the application, run two access checks,
// then render the page from its top and form partials.
include_once $_SERVER['DOCUMENT_ROOT'] . '/xtracks-app/bootstrap.php';

// NOTE(review): presumably stops the request for visitors who are not signed in;
// confirm in AUTH::require_user().
AUTH::require_user();

// Before loading the Offers202 page, check that this user's API key is valid.
// A user who does not have one has to generate one first.
AUTH::require_valid_api_key();

template_top('Offers202');
include_once 'top.php';
include_once 'form.php';
template_bottom();
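// Look up the tracker and, through the LEFT JOIN, its affiliate campaign by public tracker id.
// $mysql['tracker_id_public'] is assigned before this excerpt. The statement is built by string
// concatenation, so it is only safe if that value went through $db->real_escape_string() there.
// NOTE(review): confirm at the assignment; a bound parameter would remove the dependency.
$tracker_sql = "SELECT 202_trackers.user_id,\n\t\t\t\t\t\t202_trackers.aff_campaign_id,\n\t\t\t\t\t\ttext_ad_id,\n\t\t\t\t\t\tppc_account_id,\n\t\t\t\t\t\tclick_cpc,\n\t\t\t\t\t\tclick_cloaking,\n\t\t\t\t\t\taff_campaign_rotate,\n\t\t\t\t\t\taff_campaign_url,\n\t\t\t\t\t\taff_campaign_url_2,\n\t\t\t\t\t\taff_campaign_url_3,\n\t\t\t\t\t\taff_campaign_url_4,\n\t\t\t\t\t\taff_campaign_url_5,\n\t\t\t\t\t\taff_campaign_payout,\n\t\t\t\t\t\taff_campaign_cloaking\n\t\t\t\tFROM 202_trackers \n\t\t\t\tLEFT JOIN 202_aff_campaigns USING (aff_campaign_id) \n\t\t\t\tWHERE tracker_id_public='" . $mysql['tracker_id_public'] . "'";
$tracker_row = memcache_mysql_fetch_assoc($db, $tracker_sql);

// An unknown tracker id ends the request here. The original ran this check only after the
// row had already been dereferenced, cached and used to build the user query below.
if (!$tracker_row) {
    die;
}

if ($memcacheWorking) {
    // Remember the campaign URL under a key derived from $t202id and systemHash().
    // md5() only shortens the key here; it is not used as a security control.
    $url = $tracker_row['aff_campaign_url'];
    $tid = $t202id;
    $getKey = $memcache->get(md5('url_' . $tid . systemHash()));
    if ($getKey === false) {
        $setUrl = $memcache->set(md5('url_' . $tid . systemHash()), $url, false, 0);
    }
}

//set the timezone to the users timezone
// The user id comes from the tracker row and is escaped again before it is reused in SQL.
$mysql['user_id'] = $db->real_escape_string($tracker_row['user_id']);
$user_sql = "\n\tSELECT\n\t\tuser_timezone, \n\t\tuser_keyword_searched_or_bidded,\n\t\tmaxmind_isp \n\tFROM\n\t\t202_users\n\t\tLEFT JOIN 202_users_pref USING (user_id)\n\tWHERE\n\t\t202_users.user_id='" . $mysql['user_id'] . "'\n";
$user_row = memcache_mysql_fetch_assoc($db, $user_sql);

//now this sets it
AUTH::set_timezone($user_row['user_timezone']);

//get mysql variables
$mysql['aff_campaign_id'] = $db->real_escape_string($tracker_row['aff_campaign_id']);
$mysql['ppc_account_id'] = $db->real_escape_string($tracker_row['ppc_account_id']);
$mysql['click_cpc'] = $db->real_escape_string($tracker_row['click_cpc']);
$mysql['click_payout'] = $db->real_escape_string($tracker_row['aff_campaign_payout']);
$mysql['click_time'] = time();
$mysql['text_ad_id'] = $db->real_escape_string($tracker_row['text_ad_id']);

/* ok, if $_GET['OVRAW'] that is a yahoo keyword, if on the REFER, there is a $_GET['q], that is a GOOGLE keyword... */
//so this is going to check the REFERER URL, for a ?q=, which is the ACTUAL KEYWORD searched.
// The Referer header is sent by the client and may be missing or forged, so everything
// parsed from it is untrusted input and must be escaped before it reaches SQL or HTML.
$referer_url_parsed = @parse_url(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
// parse_url() returns false for a malformed URL and omits 'query' when there is none.
$referer_url_query = (is_array($referer_url_parsed) && isset($referer_url_parsed['query'])) ? $referer_url_parsed['query'] : '';
// '@' is kept from the original: a crafted query string can make parse_str() emit warnings.
@parse_str($referer_url_query, $referer_query);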
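/**
 * Record, for the signed-in user, that a SQL statement has a cache entry.
 *
 * The statement is reduced to its MD5 digest and appended to a comma-separated
 * list kept in memcache under md5(user id . systemHash()). Nothing happens when
 * AUTH::logged_in() is not truthy. MD5 only builds compact cache keys here.
 *
 * @param string $sql SQL statement whose digest is added to the user's list.
 */
function memcache_set_user_key($sql)
{
    if (AUTH::logged_in() == true) {
        global $memcache;

        $sql = md5($sql);
        $user_id = $_SESSION['user_id'];
        $cacheKey = md5($user_id . systemHash());

        $getCache = $memcache->get($cacheKey);
        // get() returns false on a miss; exploding that would leave an empty
        // first entry in the list, so start from an empty array instead.
        if ($getCache === false || $getCache === '') {
            $queries = array();
        } else {
            $queries = explode(",", $getCache);
        }

        if (!in_array($sql, $queries, true)) {
            $queries[] = $sql;
        }
        $queries = implode(",", $queries);

        // Bug fix: the original called md5($user_id, $queries . systemHash()), which treats
        // the second argument as md5()'s raw-output flag, and then stored `false`. The list
        // was therefore never written under the key that get() reads above.
        $setCache = $memcache->set($cacheKey, $queries, false);
    }
}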
<?php include_once $_SERVER['DOCUMENT_ROOT'] . '/xtracks-app/bootstrap.php'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { try { AUTH::login($_POST['user_name'], $_POST['user_pass']); //redirect to account screen header('location: /overview/'); } catch (Exception $e) { $error['user'] = sprintf('<div class="error">%s</div>', $e->getMessage()); } $html['user_name'] = htmlentities($_POST['user_name'], ENT_QUOTES, 'UTF-8'); } info_top(); ?> <form method="post" action=""> <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?> "/> <table cellspacing="0" cellpadding="5" style="margin: 0px auto;" > <?php if ($error['token']) { printf('<tr><td colspan="2">%s</td></tr>', $error['token']); } ?> <tr> <td>Username:</td> <td><input id="user_name" type="text" name="user_name" value="<?php echo $html['user_name']; ?>
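<?php
// Renders the affiliate-network <select> for the signed-in user.
include_once $_SERVER['DOCUMENT_ROOT'] . '/202-config/connect.php';

// NOTE(review): presumably stops the request for visitors who are not signed in;
// confirm in AUTH::require_user().
AUTH::require_user();
?>
<select class="form-control input-sm" name="aff_network_id" id="aff_network_id" onchange="load_aff_campaign_id($(this).val(), 0); load_landing_page(this.value); load_text_ad_id(this.value);">
    <option value="0"> -- </option>
    <?php
    // The list is restricted to networks owned by the session user. The id is escaped
    // because the statement is built by concatenation rather than with a bound parameter.
    $mysql['user_id'] = $db->real_escape_string($_SESSION['user_id']);
    $aff_network_sql = "SELECT * FROM `202_aff_networks` WHERE `user_id`='" . $mysql['user_id'] . "' AND `aff_network_deleted`='0' ORDER BY `aff_network_name` ASC";
    $aff_network_result = $db->query($aff_network_sql) or record_mysql_error($aff_network_sql);

    // The fragment is also loaded without a posted selection; avoid reading a missing key.
    $posted_aff_network_id = isset($_POST['aff_network_id']) ? $_POST['aff_network_id'] : null;

    // fetch_assoc() replaces fetch_array(MYSQL_ASSOC): MYSQL_ASSOC belongs to the removed
    // ext/mysql and is undefined where only mysqli is loaded. The result check covers the
    // case where the query failed and record_mysql_error() returned.
    while ($aff_network_result && ($aff_network_row = $aff_network_result->fetch_assoc())) {
        // Both values are HTML-encoded before they are written into the markup.
        $html['aff_network_name'] = htmlentities($aff_network_row['aff_network_name'], ENT_QUOTES, 'UTF-8');
        $html['aff_network_id'] = htmlentities($aff_network_row['aff_network_id'], ENT_QUOTES, 'UTF-8');

        // The posted value is only compared, never echoed.
        if ($posted_aff_network_id == $aff_network_row['aff_network_id']) {
            $selected = 'selected=""';
        } else {
            $selected = '';
        }

        printf('<option %s value="%s">%s</option>', $selected, $html['aff_network_id'], $html['aff_network_name']);
    }
    ?>
</select>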
"><?php echo e($status->user->getNameOrUsername()); ?> </a></h4> <p><?php echo e($status->body); ?> </p> <ul class="list-inline"> <!--Outputs the timestap it was created of the $status object creation time || WHAT IS diffForHumans?--> <li><?php echo e($status->created_at->diffForHumans()); ?> </li> <?php if ($status->user->id !== AUTH::user()->id) { ?> <li><a href="<?php echo e(route('status.like', ['statusId' => $status->id])); ?> ">Like</a></li> <?php } ?> <li><?php echo e($status->likes->count()); ?> <?php echo e(str_plural('like', $status->likes->count())); ?> </li>
<?php include_once $_SERVER['DOCUMENT_ROOT'] . '/202-config/connect.php'; if (AUTH::logged_in()) { header('location: /202-Mobile/mini-stats'); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $mysql['user_name'] = $db->real_escape_string($_POST['user_name']); $user_pass = salt_user_pass($_POST['user_pass']); $mysql['user_pass'] = $db->real_escape_string($user_pass); //check to see if this user exists $user_sql = "\tSELECT \t* \n\t\t\t\t\tFROM \t\t202_users \n\t\t\t\t \tWHERE \tuser_name='" . $mysql['user_name'] . "'\n\t\t\t\t\tAND \t\tuser_pass='******'user_pass'] . "'"; $user_result = _mysqli_query($user_sql); $user_row = $user_result->fetch_assoc(); if (!$user_row) { $error['user'] = '******'; } //check tokens /* ($_POST['token'] != $_SESSION['token']) { $error['token'] = '<div class="error">You must use theses forms to submit data.</div'; }*/ //RECORD THIS USER LOGIN, into user_logs $mysql['login_server'] = $db->real_escape_string(serialize($_SERVER)); $mysql['login_session'] = $db->real_escape_string(serialize($_SESSION)); $mysql['login_error'] = $db->real_escape_string(serialize($error)); $mysql['ip_address'] = $db->real_escape_string($_SERVER['REMOTE_ADDR']); $mysql['login_time'] = time(); if ($error) { $mysql['login_success'] = 0; } else { $mysql['login_success'] = 1;
$query = $query->response; $query = $query[0]; $check = $action->loginCheck($query, $request); if (!$check) { echo json_encode(array('error' => 'Credentials Don\'t match. Please correct and try again.')); throw new Exception("Credentials don't match. Please try again.", 401); end($app); } $action = new Identity(); $user = $action->login($request); $query = new Request(); $user = $query->query($user); $user = $user[0]; $user['fname'] = decode5t($user['fname']); $user['lname'] = decode5t($user['lname']); $auth = new AUTH(); $auth->set($_SERVER['HTTP_ORIGIN'], $user['email']); $response['Ident'] = $user; $response['Auth'] = $auth->token; $tok = new AUTHTOKEN(); $tok->get(); $jwt = JWT::encode($response, $tok->response); echo json_encode($jwt); }); // Refresh $app->post('/refresh', function () use($app) { $request = (array) json_decode($app->request->getBody()); $action = new Identity(); $action->refresh($request); $query = new Request(); $user = $query->query($action->sql);
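// Tail of the preceding route; its opening lies outside this excerpt and is left as found.
session_destroy();
$app->redirect('login');
});

/*
 * POST /login: check the submitted uid/pwd and open an authenticated session.
 *
 * Blocked clients (AUTH::is_block()) and requests without usable credentials are sent
 * back to the login page. On success the session is marked authenticated and the
 * 'account.login_success' hook runs. On failure either 'account.log' (account flagged
 * 'locked') or 'account.login_failed' runs before the redirect back to the login page.
 */
$app->post('/login', function () use($app) {
    //block ip
    if (AUTH::is_block()) {
        $app->redirect('login');
    }

    $post = $app->request()->post();
    if (isset($post['uid']) && isset($post['pwd'])) {
        $uid = $post['uid'];
        $pwd = $post['pwd'];

        // A form field can arrive as an array (uid[]=...); only non-empty strings are
        // passed on as credentials.
        if (!is_string($uid) || !is_string($pwd) || $uid == '' || $pwd == '') {
            $app->redirect('login');
        }

        $auth = new AUTH($uid);
        if ($auth->login($pwd) === true) {
            // Issue a fresh session id at the privilege change so an id that was fixed
            // before login cannot be reused afterwards. Skipped when no session is open.
            // NOTE(review): harmless if AUTH::login() already regenerates the id.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['auth'] = true;
            $_SESSION['auth_uid'] = $uid;
            $app->applyHook('account.login_success', $uid);
            $app->redirect('./');
        } else {
            if ($auth->acc_flag == 'locked') {
                $app->applyHook('account.log', array($uid, 'locked'));
            } else {
                $app->applyHook('account.login_failed', $uid);
            }
        }
    }

    // Missing fields and failed logins both end on the login page.
    $app->redirect('login');
});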
<?php
# archive.php
# Loads the current user, one project selected by slug, the user's projects flagged
# deleted = '1', and that project's tasks, then renders the archive view.

# 1. logic
# NOTE(review): presumably sends visitors who are not signed in to 'login';
# confirm in AUTH::kickout().
AUTH::kickout('login');

$user = new User();
$user->load(AUTH::user());

# The project is looked up by the slug route parameter only; no user_id condition is
# visible here.
# NOTE(review): confirm that Project::load() or the view restricts the project to its
# owner, otherwise another user's project fields can be displayed.
$project = new Project();
$project->load(['slug' => Route::param('slug')]);

# Projects of the current user that are flagged deleted = '1'.
$projects = new Projects_Collection();
$projects->where(['deleted' => '1']);
$projects->where(['user_id' => AUTH::user_id()]);
$projects->get();

# Tasks are scoped to the current user as well as to the project, ordered by progress.
$tasks = new Tasks_Collection();
$tasks->where(['deleted' => '0']);
$tasks->where(['user_id' => AUTH::user_id()]);
$tasks->where(['project_id' => $project->id]);
$tasks->order_by('progress', 'ASC');
$tasks->get();

# 2. views
include VIEWS . 'header.php';
include VIEWS . 'archive.php';
include VIEWS . 'footer.php';
<?php
# delete_task.php
# Deletes the task named by the id route parameter, then redirects to the project page.

# 1. logic
# NOTE(review): presumably sends visitors who are not signed in to 'login';
# confirm in AUTH::kickout().
AUTH::kickout('login');

# Loaded only to build the redirect target below.
$project = new Project();
$project->load(['slug' => Route::param('slug')]);

# NOTE(review): the task is loaded by id alone and deleted without any visible check
# that it belongs to the current user (AUTH::user_id()) or to $project. Unless
# Task::load() or Task::delete() enforces ownership, any signed-in user can delete any
# task by id. Confirm, or add the ownership condition before delete().
# NOTE(review): no anti-CSRF token is checked here. If this route is reachable by GET,
# a link on another site can trigger the deletion; confirm the routing and method.
$task = new Task();
$task->load(Route::param('id'));
$task->delete();

# 2. views
URL::redirect('/' . $project->slug);
<?php

// Site root: forward to the home route.
$app->get('/', function () use($app) {
    $app->redirect('home');
});

// Home page: renders home.html with two login-log listings for the session account.
// NOTE(review): $_SESSION['auth_uid'] is read without checking $_SESSION['auth'] here;
// confirm that an earlier hook or middleware rejects unauthenticated requests.
$app->get('/home', function () use($app) {
    $account = new AUTH($_SESSION['auth_uid']);

    // Same call order as before: get_log(0) first, then get_log(1).
    $logErr = $account->get_log(0);
    $logOk = $account->get_log(1);

    $viewData = array(
        'breadcrumb_title' => '首頁',
        'login_log_err' => $logErr,
        'login_log_ok' => $logOk,
    );
    $app->render('home.html', $viewData);
});
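<?php
# edit_task.php
# Edits the project selected by the slug route parameter: a posted form is saved and the
# browser redirected, otherwise the current values are handed to the form view.

# 1. Logic
# Authentication gate, as on the other pages that call AUTH::user_id(). Without it this
# page loaded and saved projects for visitors who are not signed in.
AUTH::kickout('login');

# Active (deleted = '0') projects of the current user.
$projects = new Projects_Collection();
$projects->where(['deleted' => '0']);
$projects->where(['user_id' => AUTH::user_id()]);
$projects->get();

# NOTE(review): the project is loaded by slug only. No visible check ties it to
# AUTH::user_id(), so unless Project::load() or save() enforces ownership a signed-in
# user can edit another user's project. Confirm, or add the condition.
$project = new Project();
$project->load(['slug' => Route::param('slug')]);

if (Input::posted()) {
    # NOTE(review): fill() receives every posted field. Confirm that Project::fill()
    # restricts the writable attributes, so that fields such as user_id or deleted
    # cannot be set from the form.
    $project->fill(Input::all());
    $project->save();
    URL::redirect('/' . $project->slug);
}

# Current values for the form.
Sticky::set('project_name', $project->project_name);
Sticky::set('project_description', $project->project_description);
Sticky::set('deadline', $project->deadline);

$title = 'Edit Project';

# 2. Views
include VIEWS . 'header.php';
include VIEWS . 'new_project.php';
include VIEWS . 'footer.php';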
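<?php
/*
 * Registers MantellaSession under the alias AUTH and initialises it from configuration.
 *
 * parameters:
 *   session = "connection=db;table=users;login=login;password=secret;encoding=md5;fields=id,login,name,email,role"
 *
 * The value read from CONF::get('vendor_Session') is a ';'-separated list of key=value
 * pairs; keys and values are trimmed and passed to AUTH::init() as an associative array.
 *
 * NOTE(review): "encoding=md5" presumably selects how stored passwords are hashed. MD5 is
 * not suitable for password storage; check whether MantellaSession supports a
 * password_hash()-based encoding and prefer that.
 */
$LIB_NAME = "Session";
$LIB_ALIAS = "AUTH";

require_once dirname(__FILE__) . "/MantellaSession.php";
class_alias('MantellaSession', $LIB_ALIAS);

$parameters = explode(";", CONF::get('vendor_' . $LIB_NAME));
$params = array();
foreach ($parameters as $p) {
    // Split on the first '=' only, so a value that itself contains '=' is kept whole.
    $p = explode("=", trim($p), 2);
    $key = trim($p[0]);

    // A trailing ';' or blank segment has no key; skip it.
    if ($key === '') {
        continue;
    }

    // A key without '=' keeps the empty value it had before, without reading a missing index.
    $params[$key] = isset($p[1]) ? trim($p[1]) : '';
}

AUTH::init($params);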
foreach ($tmp as $item) { $opt[$item->option_key] = $item->option_value; } $tpl['option'] = $opt; $info = unserialize($user->acc_company); if (is_array($info)) { while ($k = key($info)) { $tpl['info_' . $k] = $info[$k]; next($info); } } $app->render('profile.html', $tpl); }); $app->post('/ajax_save_pwd', function () use($app) { $post = $app->request()->post(); $auth = new AUTH($_SESSION['auth_uid']); if ($auth->login($post['old_pwd'])) { if ($post['new_pwd'] != $post['confirm_pwd']) { $msg = array('class' => 'error', 'msg' => '兩次輸入的密碼不同'); } else { $rt = $auth->setpwd($post['new_pwd']); if ($rt) { $msg = array('class' => 'success', 'msg' => '變更密碼完成'); } else { $msg = array('class' => 'error', 'msg' => '變更失敗'); } } } else { $msg = array('class' => 'error', 'msg' => '舊密碼錯誤'); } $app->render('_notice.html', $msg);
<?php
// Spy View page: a live view of visitor activity that refreshes itself from the browser.
include_once $_SERVER['DOCUMENT_ROOT'] . '/202-config/connect.php';

// NOTE(review): presumably stops the request for visitors who are not signed in;
// confirm in AUTH::require_user().
AUTH::require_user();

//set the timezone for the user, for entering their dates.
AUTH::set_timezone($_SESSION['user_timezone']);

//show the template
template_top('Spy View', NULL, NULL, NULL);
?>
<div id="info"> <h2>Spy View</h2> Spy is a live view of visitors interacting with your affiliate campaigns. </div>
<?php
// The calendar is pointed at the click-history endpoint with spy=1.
display_calendar('/tracking202/ajax/click_history.php?spy=1', false, true, true, false, false, true, false);
?>
<script type="text/javascript">
// Show the loading indicator if present, run once, then re-run runSpy on a timer.
if($('s-status-loading')) { $('s-status-loading').style.display=''; } runSpy(); new PeriodicalExecuter(runSpy, 5); </script>
<?php
template_bottom();
} include_once $_SERVER['DOCUMENT_ROOT'] . '/202-config/connect2.php'; //grab tracker data $mysql['tracker_id_public'] = $db->real_escape_string($tracker_id); $rotator_sql = "SELECT tr.user_id,\n\t\t\t\t\t\ttr.ppc_account_id,\n\t\t\t\t\t\ttr.rotator_id,\n\t\t\t\t\t\ttr.click_cpc,\n\t\t\t\t\t\trt.default_url,\n\t\t\t\t\t\trt.default_campaign,\n\t\t\t\t\t\tca.aff_campaign_id,\n\t\t\t\t\t\tca.aff_campaign_rotate,\n\t\t\t\t\t ca.aff_campaign_url,\n\t\t\t\t\t ca.aff_campaign_url_2,\n\t\t\t\t\t ca.aff_campaign_url_3,\n\t\t\t\t\t ca.aff_campaign_url_4,\n\t\t\t\t\t ca.aff_campaign_url_5,\n\t\t\t\t\t ca.aff_campaign_payout,\n\t\t\t\t\t ca.aff_campaign_cloaking,\n\t\t\t\t\t\tur.user_timezone,\n\t\t\t\t\t \tup.user_keyword_searched_or_bidded,\n\t\t\t\t\t \tup.maxmind_isp\n\t\t\t\tFROM 202_trackers AS tr\n\t\t\t\tLEFT JOIN 202_rotators AS rt ON rt.id = tr.rotator_id\n\t\t\t\tLEFT JOIN 202_aff_campaigns AS ca ON ca.aff_campaign_id = rt.default_campaign\n\t\t\t\tLEFT JOIN 202_users AS ur ON ur.user_id = tr.user_id\n\t\t\t\tLEFT JOIN 202_users_pref AS up ON up.user_id = tr.user_id\n\t\t\t\tWHERE tracker_id_public='" . $mysql['tracker_id_public'] . 
"'"; $rotator_row = memcache_mysql_fetch_assoc($db, $rotator_sql); $user_id = $db->real_escape_string($rotator_row['user_id']); $user_keyword_searched_or_bidded = $db->real_escape_string($rotator_row['user_keyword_searched_or_bidded']); //grab rules data $mysql['rotator_id'] = $db->real_escape_string($rotator_row['rotator_id']); $rule_sql = "SELECT ru.id as rule_id,\n\t\t\t\t\t ru.redirect_url,\n\t\t\t\t\t ru.redirect_campaign,\n\t\t\t\t\t ca.aff_campaign_id,\n\t\t\t\t\t ca.aff_campaign_rotate,\n\t\t\t\t\t ca.aff_campaign_url,\n\t\t\t\t\t ca.aff_campaign_url_2,\n\t\t\t\t\t ca.aff_campaign_url_3,\n\t\t\t\t\t ca.aff_campaign_url_4,\n\t\t\t\t\t ca.aff_campaign_url_5,\n\t\t\t\t\t ca.aff_campaign_payout,\n\t\t\t\t\t ca.aff_campaign_cloaking\n\t\t\t\tFROM 202_rotator_rules AS ru\n\t\t\t\tLEFT JOIN 202_aff_campaigns AS ca ON ca.aff_campaign_id = ru.redirect_campaign\n\t\t\t\tWHERE rotator_id='" . $mysql['rotator_id'] . "' AND status='1'"; $rule_row = foreach_memcache_mysql_fetch_assoc($db, $rule_sql); if (!$rotator_row) { die; } AUTH::set_timezone($rotator_row['user_timezone']); $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; if ($rotator_row['maxmind'] == '1') { $IspData = getIspData($ip_address); } else { $IspData = null; } //GEO Lookup $GeoData = getGeoData($ip_address); //User-agent parser $parser = Parser::create(); //Device type $detect = new Mobile_Detect(); $ua = $detect->getUserAgent(); $result = $parser->parse($ua); if (!$detect->isMobile() && !$detect->isTablet()) {
<?php
// Stats202 export: sends download headers for an .xls attachment and builds the
// request URL for the stats202 getStats API call.
//with php redirect them to the #top automatically everytime
include_once $_SERVER['DOCUMENT_ROOT'] . '/202-config/connect.php';

// Access gates: a session user, then a valid stats202 application key.
AUTH::require_user();
AUTH::require_valid_app_key('stats202', $_SESSION['user_api_key'], $_SESSION['user_stats202_app_key']);

header("Content-type: application/octet-stream");
# replace excelfile.xls with whatever you want the filename to default to
// The filename is built from a fixed prefix and time() only; no user input reaches the header.
header("Content-Disposition: attachment; filename=Stats202-Stats-" . time() . ".xls");
header("Pragma: public");
//header("Expires: 0");

//get the dates for this users' preferences
$dates = userPrefDate();

//build the get query for the offers202 restful api
// NOTE(review): the API key and the app key are sent as URL query parameters, where they
// can end up in server and proxy logs. Whether TRACKING202_API_URL is an https URL is not
// visible here; confirm, and prefer a request header or body if the API accepts one.
$get = array();
$get['apiKey'] = $_SESSION['user_api_key'];
$get['stats202AppKey'] = $_SESSION['user_stats202_app_key'];
$get['dateFrom'] = $dates['from_date'];
$get['dateTo'] = $dates['to_date'];
if ($_SESSION['stats202_order']) {
    $get['order'] = $_SESSION['stats202_order'];
}
if ($_SESSION['stats202_by']) {
    $get['by'] = $_SESSION['stats202_by'];
}
// The 'DESC' default is stored in the session only after $get['by'] was filled above, so a
// request that starts without a direction is sent without 'by'.
// NOTE(review): confirm this ordering is intended.
if (!$_SESSION['stats202_by']) {
    $_SESSION['stats202_by'] = 'DESC';
}

// http_build_query() URL-encodes every value placed in the query string.
$query = http_build_query($get);

//build the offers202 api string
$url = TRACKING202_API_URL . "/stats202/getStats?{$query}";
$msg = array('class' => 'error', 'msg' => '帳號不存在'); } if ($post['account_type'] == 'db') { if ($post['account_pwd'] != $post['account_pwd2']) { $msg = array('class' => 'error', 'msg' => '兩次輸入的密碼不同'); } } if ($msg == '') { $company = serialize(array('name' => $post['account_name'], 'phone' => $post['account_phone'], 'email' => $post['account_email'])); $acc = ORM::for_table('account')->where('acc_name', $post['account_id'])->find_one(); $acc->acc_auth_type = $post['account_type']; $acc->acc_flag = $post['account_flag']; $acc->acc_company = $company; $acc->save(); if ($post['account_type'] == 'db' && $post['account_pwd'] != '') { $auth = new AUTH($post['account_id']); $auth->setpwd($post['account_pwd']); } $msg = array('class' => 'success', 'msg' => '帳號修改完成'); } $app->render('_notice.html', $msg); }); /* * 刪除 */ $app->get('/user_delete/:id', function ($id) use($app) { $app->applyHook('account.check_sysadmin'); $type_words = AUTH::get_support_auth_type(); $tpl = array('breadcrumb_title' => '刪除帳號', 'type_words' => $type_words); $user = ORM::for_table('account')->where('acc_name', $id)->find_one(); $tpl['acc_name'] = $user->acc_name;